W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2005

Re: [Bug 71] Clarify what servers may and may not do with privileges when BIND is used

From: Lisa Dusseault <lisa@osafoundation.org>
Date: Wed, 11 May 2005 14:06:02 -0700
Message-Id: <e3be1623a84c49aec2a55db938e28efb@osafoundation.org>
Cc: webdav WG <w3c-dist-auth@w3.org>
To: Elias Sinderson <elias@cse.ucsc.edu>

Elias, I guess you didn't see my recent mail about being on a 
several-week vacation?  I was gone the whole time of the conversations 
that you wanted a timely response for.  It was a long absence, but I 
promise I won't have frequent honeymoons.

As for managing the Bugzilla bug status, I had kind of assumed that was 
a failed experiment.  Until you responded, Julian and I were the only 
ones who had used the system.  Without any usage, it certainly wasn't 
working as expected.  I appreciate you trying to use it as intended but 
it still might be a broken process.

With respect to this particular bug, I don't agree this should be 
closed.  The specification doesn't say what permissions changes might 
be applied when BIND or REBIND methods are successful at creating new 
bindings.  I had a strawman proposal and I'd like to see some feedback 
on it:

"When a client uses BIND or REBIND to create/modify a binding to an 
resource, the server has three options: treat this as a new resource and
overwrite the resource ACL with the permissions that would be inherited 
in the
location of the new binding, treat this as an existing resource and do 
no ACL
inheritance, or take a middle path and use ACL inheritance in the new 
by adding the permissions granted to the ACLs already on the resource.  
A server
SHOULD follow the last approach, as being the approach assumed to be 
closest to
the user's desired model, where a resource bound to multiple URLs ought 
to be
available to principals who would be able to access that URL had it 
been bound
using PUT."

With respect to other bugs, I'll try to get to my issues but I'm still 
catching up at work too.


On May 1, 2005, at 1:34 PM, bugzilla@soe.ucsc.edu wrote:

> http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=71
> ------- Additional Comments From elias@cse.ucsc.edu  2005-05-01 13:34 
> -------
> "I believe we should close this issue.
> After taking the time to review the relevant sections in the ACL and
> BIND specs,  my conclusion is that the existing text is sufficient."
> http://lists.w3.org/Archives/Public/w3c-dist-auth/2005AprJun/0029.html
> ------- You are receiving this mail because: -------
> You reported the bug, or are watching the reporter.
Received on Wednesday, 11 May 2005 21:06:24 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:34 UTC